Firebase realtime database phone security rules

0
votes

I need some help with securing my database.

Those are my security rules:

firebase rules and playground

I've tried this code to give access to each user to read and write his own data:

{
"rules": {
     "Users":{
         "$user":{
             ".read": "auth.token.phone_number==$user",
             ".write": "auth.token.phone_number==$user",
          }
      }    
  }
}

My database looks like this (i'm using phone numbers instead of uid):

but for some reason when I run the firebase rules playground with a given auth.token.phone number that equals to the exact location I gave for example i get read option denied.

and it happens also within my app with my app can you guys help me to solve it?

2
databasefirebasefirebase-authenticationfirebase-security

2 Answers

0
votes

create a new data path admins and store the phone number as a child and do this. sorry if this didnt work as i am also a beginner

  root.child('admins').child(auth.token.phone_number)
0
votes

In provider type ::Choose Custom And In payload use :

{ "provider": "anonymous", "uid": "********", "token":{ "phone_number":"" } }

Rules are:

"$phone":{ ".read":"auth!==null && auth.token.phone_number===$phone", ".write":false } }